Security Incidents mailing list archives

Re: Oversized packets

From: kaos () OCS COM AU (Keith Owens)
Date: Sun, 7 May 2000 11:29:31 +1000


On Thu, 4 May 2000 23:14:58 -0300,
Paulo Ribeiro <prrar () NITNET COM BR> wrote:

May  1 13:19:00 slack kernel: Oversized packet received from
44.226.139.125
May  1 13:19:00 slack kernel: Oversized packet received from
96.57.171.73


It could be packet corruption on your incoming connection but it is
more likely to be the Ping of Death attack.  If the messages occur in
the middle of normal sessions from those addresses then suspect
hardware and/or software problems.  If the packets are isolated,
suspect Ping of Death.  For PoD it is very likely that the IP address
is forged.

Current thread:

amd exploit(ed)?, (continued)
- - - amd exploit(ed)? Paulo Ribeiro (May 07)
    - Re: amd exploit(ed)? Mike Murray (May 08)
    - Re: amd exploit(ed)? Erich Meier (May 09)
    - Re: amd exploit(ed)? Jim Zajkowski (May 09)
    - Re: odd message showing up logs... Robert Graham (May 07)
  - Port 109 Scans Eric Maiwald (May 04)
    - Re: Port 109 Scans Stone (May 06)
  - Re: Lots netbios scans (udp 137) Erich Meier (May 04)
    - Re: Lots netbios scans (udp 137) Greg A. Woods (May 04)
  - Oversized packets Paulo Ribeiro (May 04)
    - Re: Oversized packets Keith Owens (May 06)